Hi everyone, I have a Synology DS418play which has had a Let's Encrypt certificate for a couple of years and has never had an issue renewing automatically until now, which I only noticed when my certificate expired. If I try to renew the certificate manually, I get the error "Let's Encrypt is unable to validate this domain name". I have ensured that ports 80 and 443 are open, and I also saw this thread ("Failed to connect to Let's Encrypt. Please make sure the domain name is valid") and followed the advice there, to no avail. I was not able to check the .well-known acme challenge file because no such file seems to exist on my NAS. My DNS configuration does not have IPv6 configured (no AAAA records). The only thing I noticed that was different was that when I check my DNS records using a third-party service, it also has *.happylittlebirds.com, even though I have not configured a wildcard domain like that with my domain registrar.
I ran this command: I used the built-in features of Synology DSM 7.0.
It produced this output: "Let's Encrypt is unable to validate this domain name. Please make sure your DiskStation and router have port 80 open to Let's Encrypt domain validation from the Internet. All the other communications with Let's Encrypt go over HTTPS to keep your DiskStation secure."
My web server is (include version): The version DSM 7.0 includes.
The operating system my web server runs on is (include version): DSM 7.0.1-42214
My hosting provider, if applicable, is: Self-hosted. Google Domains, if that's what it's asking for.
I can log in to a root shell on my machine (yes or no, or I don't know): I don't know
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): nil
I have also verified that I am able to access my website on a separate device on a different connection via the web browser, so my ISP is not blocking port 80 or 443 for me.
Thank you and orangepizza so much for your help. I've figured it out - I set a region block on my NAS a while back to block incoming connections from outside Singapore as a security measure, and it completely slipped my mind that it would affect Let's Encrypt as well. I've fixed it by allowing connections to ports 80 and 443 from all around the world in the meantime. Seems like there is no way to only allow Let's Encrypt connections through, so this will do for now. The problem was solely self-caused, so I appreciate all of your time and effort in helping me out. Thanks!
Just of note, the DSM 7.0 firewall changes seem to behave differently to the 6.2 days. In the past, I would simply "disable" my DENY rule for the whole world, and then run the renew. This didn't work "this time". But as it turned out, I had to also disable/enable the firewall rule to actually make it work. (And my cert renewed fine). Posted this just in case someone else comes across the same issue.